[
https://issues.apache.org/jira/browse/METRON-984?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16037215#comment-16037215
]
Otto Fowler commented on METRON-984:
------------------------------------
for simplicity's sake, couldn't it be preferable to have DECODE_BASE64(field,
optional_failure_mode)? and other methods?
Implementation wise it would still boil down to that signature, and we could
expose the verbose function as well.
Would you imagine something like:
For this field, try to decode it many ways, and put the decoded value in a
field for that type
base64_field = DECODE_BASE64(log_f, o_f_m)
url decode_field = DECODE_URL(log_f,o_f_m )
??
> Create Stellar Decoding Functions
> ---------------------------------
>
> Key: METRON-984
> URL: https://issues.apache.org/jira/browse/METRON-984
> Project: Metron
> Issue Type: Improvement
> Reporter: Jon Zeolla
> Assignee: Otto Fowler
>
> It is rather commonplace for malicious actors to obfuscate exploits or data
> transfers using encoding. In order to identify and prioritize responses to
> (or automatically mitigate) those attacks during threat triage we should have
> a method for decoding in Stellar. Some initial thoughts would be to handle
> percent/URL encoding, base64, base32, base16/hex, HTML encoding, etc.
> I would expect that something like DECODE(something, encoding_type,
> optional_failure_mode) would return the contents of field "something" after
> attempting to decode it via "encoding_type". If decoding fails,
> optional_failure_mode would indicate whether or not to fail the message and
> send it to the error topology, or to simply return the contents of the
> original field "something" (in this example).
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
